Control column access
This document shows you how to control column access by adding BigQuerypolicy tags to table columns withDataform core.
You can setBigQuery policy tagson table columns in theconfig block in a table definition SQLX file.
Before you begin
In the Google Cloud console, go to theDataform page.
Select orcreate a repository.
Select orcreate a development workspace.
Required roles
To get the permissions that you need to add a BigQuery policy tag to a table in Dataform, ask your administrator to grant you theDataform Editor (roles/dataform.editor) IAM role on workspaces. For more information about granting roles, seeManage access to projects, folders, and organizations.
You might also be able to get the required permissions throughcustom roles or otherpredefined roles.
Additionally, you must grant theBigQuery roles for column-level access controlto yourDataform service agent or custom service account.
Add a BigQuery policy tag
To add a BigQuery policy tag to a table column, follow these steps:
- Go to your development workspace.
- In theFiles pane, expand
definitions/. - Select a table definition SQLX file.
In the
configblock, add a full tag identifier to a selectedcolumn in the following format:columns: { column_name: { bigqueryPolicyTags: ["FULL_TAG_IDENTIFIER"] } }ReplaceFULL_TAG_IDENTIFIER with the full identifierof the selected tag.
Optional: ClickFormat.
The following code sample shows theprojects/example-project/locations/us/taxonomies/123456789/policyTags/123456789sample BigQuery policy tag added tocolumn1:
config { type: "table", columns: { column1: { description: "Some description", bigqueryPolicyTags: ["projects/example-project/locations/us/taxonomies/123456789/policyTags/123456789"] } }}SELECT "test" AS column1What's next
- To learn more about BigQuery policy tags, seeIntroduction to column-level access control.
- To learn how to add BigQuery labels in Dataform, seeAdd BigQuery labels.
- To learn how to add Dataform tags to create collections of tables, seeAdd execution tags.
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-12-15 UTC.